nginx 1.16.0 released

After a year of development, a new stable branch of the high-performance HTTP server and multi-protocol proxy server nginx 1.16.0 has been released, incorporating the changes accumulated in the 1.15.x mainline branch. From now on, all changes in the 1.16 stable branch will be limited to fixing serious bugs and vulnerabilities. The nginx 1.17 mainline branch will be created soon, and development of new features will continue there. Ordinary users who do not need to ensure compatibility with third-party modules are advised to use the mainline branch, on which releases of the commercial product Nginx Plus are based every three months.

The most notable improvements added during development of the 1.15.x mainline branch:

  • Added the ability to use variables in the "ssl_certificate" and "ssl_certificate_key" directives, which can be used to load certificates dynamically;
  • Added the ability to load SSL certificates and secret keys from variables without using intermediate files;
  • In the "upstream" block, a new "random" directive has been implemented, which makes it possible to set up load balancing with random selection of the server to which the connection is forwarded;
  • In the ngx_stream_ssl_preread module, the $ssl_preread_protocol variable has been implemented, which holds the highest SSL/TLS protocol version supported by the client. The variable makes it possible to create configurations that provide access over different protocols, with and without SSL, through a single network port when proxying traffic with the http and stream modules. For example, to provide SSH and HTTPS access through one port, port 443 can be forwarded to SSH by default, but forwarded to HTTPS if an SSL version is detected;
  • A new variable "$upstream_bytes_sent" has been added to the upstream module, showing the number of bytes sent to a server of the group;
  • The stream module can now process multiple incoming UDP datagrams from a client within a single session;
  • A "proxy_requests" directive has been introduced that sets the number of datagrams received from a client after which the binding between the client and the existing UDP session is removed. Once the specified number of datagrams has been received, the next datagram from the same client starts a new session;
  • The "listen" directive can now specify port ranges;
  • Added the "ssl_early_data" directive to enable 0-RTT mode when using TLSv1.3, which allows previously negotiated TLS connection parameters to be kept and reduces the number of RTTs to 2 when resuming a previously established connection;
  • New directives have been added to configure keepalive for outgoing connections (enabling or disabling the SO_KEEPALIVE socket option):

    • "proxy_socket_keepalive" - configures "TCP keepalive" behaviour for outgoing connections to a proxied server;
    • "fastcgi_socket_keepalive" - configures "TCP keepalive" behaviour for outgoing connections to a FastCGI server;
    • "grpc_socket_keepalive" - configures "TCP keepalive" behaviour for outgoing connections to a gRPC server;
    • "memcached_socket_keepalive" - configures "TCP keepalive" behaviour for outgoing connections to a memcached server;
    • "scgi_socket_keepalive" - configures "TCP keepalive" behaviour for outgoing connections to an SCGI server;
    • "uwsgi_socket_keepalive" - configures "TCP keepalive" behaviour for outgoing connections to a uwsgi server.
  • A new "delay" parameter has been added to the "limit_req" directive; it sets the limit after which excess requests are delayed;
  • New "keepalive_timeout" and "keepalive_requests" directives have been added to the "upstream" block to set limits for keepalive;
  • The "ssl" directive has been deprecated and replaced by the "ssl" parameter of the "listen" directive. Missing SSL certificates are now detected at the configuration testing stage when the configuration uses "listen" directives with the "ssl" parameter;
  • When the reset_timedout_connection directive is used, connections are now closed with code 444 when the timeout expires;
  • The SSL errors "http request", "https proxy request", "unsupported protocol" and "version too low" are now logged at the "info" level instead of "crit";
  • Added support for the poll method on Windows systems when using Windows Vista and later;
  • TLSv1.3 can now be used when building with the BoringSSL library, not only OpenSSL.
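
The single-port SSH/HTTPS arrangement described in the $ssl_preread_protocol item above can be written as the following stream configuration. This is an added example, not taken from the original article; the backend addresses and the $backend variable name are assumptions.

```nginx
# Added example; backend addresses and the $backend name are assumptions.
# Requires nginx built with the stream and ngx_stream_ssl_preread modules.
# The stream {} block belongs in the main context, beside http {}.
stream {
    # $ssl_preread_protocol is empty when the client's first bytes are not
    # a TLS ClientHello (here: an SSH client). Otherwise it holds the
    # highest TLS version the client offers, for example "TLSv1.3".
    map $ssl_preread_protocol $backend {
        ""       127.0.0.1:22;      # no TLS detected: pass to sshd
        default  127.0.0.1:8443;    # any TLS version: pass to the HTTPS listener
    }

    server {
        listen 443;
        ssl_preread on;             # read the ClientHello without terminating TLS
        proxy_pass $backend;
    }
}

http {
    server {
        # The HTTPS server moves off port 443 so the stream listener can own it.
        # "ssl" is given as a listen parameter, since the standalone "ssl"
        # directive is deprecated in this release.
        listen 127.0.0.1:8443 ssl;
        ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path
    }
}
```

Both backends see the connection as coming from nginx, so sshd and the HTTPS access log record the proxy address as the peer; enable an access log in the stream block if per-client attribution is needed.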

Source: opennet.ru
